Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.4

    CRITICAL
    CVE-2025-49008

    Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheo... Read more

    Affected Products :
    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 5.1

    MEDIUM
    CVE-2025-5683

    When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.... Read more

    Affected Products :
    • Published: Jun. 05, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Denial of Service

  • 4.8

    MEDIUM
    CVE-2025-2336

    Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owa... Read more

    Affected Products :
    • Published: Jun. 04, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.5

    MEDIUM
    CVE-2024-9277

    A vulnerability classified as problematic was found in Langflow up to 1.0.18. Affected by this vulnerability is an unknown functionality of the file \src\backend\base\langflow\interface\utils.py of the component HTTP POST Request Handler. The manipulation... Read more

    Affected Products : langflow
    • Published: Sep. 27, 2024
    • Modified: Jun. 05, 2025

  • 6.5

    MEDIUM
    CVE-2024-8706

    A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads ... Read more

    Affected Products : jfinalcms
    • Published: Sep. 12, 2024
    • Modified: Jun. 05, 2025

  • 5.1

    MEDIUM
    CVE-2024-8694

    A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument... Read more

    Affected Products : jfinalcms
    • Published: Sep. 11, 2024
    • Modified: Jun. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-5379

    A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be in... Read more

    Affected Products : jfinalcms
    • Published: May. 26, 2024
    • Modified: Jun. 05, 2025

  • 5.4

    MEDIUM
    CVE-2024-5310

    A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remo... Read more

    Affected Products : jfinalcms
    • Published: May. 24, 2024
    • Modified: Jun. 05, 2025

  • 8.8

    HIGH
    CVE-2024-3431

    A vulnerability was found in EyouCMS 1.6.5. It has been declared as critical. This vulnerability affects unknown code of the file /login.php?m=admin&c=Field&a=channel_edit of the component Backend. The manipulation of the argument channel_id leads to dese... Read more

    Affected Products : eyoucms
    • Published: Apr. 07, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2024-2014

    A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated rem... Read more

    Affected Products : panalog
    • Published: Mar. 21, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-1840

    A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql... Read more

    Affected Products : cdg
    • Published: Mar. 03, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-1812

    A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to la... Read more

    Affected Products : zz
    • Published: Mar. 02, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2024-13194

    A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_members.php?ac=search. The manipulation of the argument uid leads to sql injection. The attack may be launched... Read more

    Affected Products : sucms
    • Published: Jan. 09, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 5.4

    MEDIUM
    CVE-2024-13192

    A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is pos... Read more

    Affected Products : myblog
    • Published: Jan. 08, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.9

    MEDIUM
    CVE-2024-12842

    A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiat... Read more

    Affected Products : emlog
    • Published: Dec. 20, 2024
    • Modified: Jun. 05, 2025

  • 9.8

    CRITICAL
    CVE-2025-4937

    A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads... Read more

    • Published: May. 19, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 9.8

    CRITICAL
    CVE-2025-4936

    A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to... Read more

    Affected Products : online_food_ordering_system
    • Published: May. 19, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 6.3

    MEDIUM
    CVE-2025-4894

    A vulnerability classified as problematic was found in calmkart Django-sso-server up to 057247929a94ffc358788a37ab99e391379a4d15. This vulnerability affects the function gen_rsa_keys of the file common/crypto.py. The manipulation leads to inadequate encry... Read more

    Affected Products : django-sso-server
    • Published: May. 18, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Cryptography

  • 9.8

    CRITICAL
    CVE-2025-4780

    A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /foreigner-search.php. The manipulation of the argument searchdata leads to sql injection. ... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection

  • 8.8

    HIGH
    CVE-2025-4770

    A vulnerability, which was classified as critical, has been found in PHPGurukul Park Ticketing Management System 2.0. This issue affects some unknown processing of the file /view-normal-ticket.php. The manipulation of the argument viewid leads to sql inje... Read more

    Affected Products : park_ticketing_management_system
    • Published: May. 16, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Injection
Showing 20 of 292916 Results